generate-pptx

Security checks across malware telemetry and agentic risk

Overview

This is a coherent PPTX-generation skill, with the main caveat that it may create or reuse a Python environment and install python-pptx.

Install this only if you are comfortable with it creating or reusing a Python virtual environment and installing python-pptx from pip. For stricter isolation, run it in a dedicated venv or container, or preinstall the dependency yourself before using the PPTX packaging scripts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _install_dependency(python_executable: Path) -> None:
    subprocess.run([str(python_executable), "-m", "pip", "install", REQUIRED_PACKAGE], check=True)


def ensure_skill_env() -> SkillEnv:
Confidence
85% confidence
Finding
subprocess.run([str(python_executable), "-m", "pip", "install", REQUIRED_PACKAGE], check=True)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to use shell commands, read and write local files, inspect the environment, create or reuse a virtual environment, and install dependencies, yet no permissions are declared. This is dangerous because it hides the true execution capabilities from reviewers and users, reducing informed consent and making unexpected filesystem or command execution more likely.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The description presents the skill as a conversational slide-generation workflow, but the actual behavior primarily performs local environment preparation, dependency installation, and packaging of provided SVG/JSON into PPTX. This mismatch is risky because users may authorize the skill expecting content assistance while it also performs code-execution and installation actions that are not clearly disclosed.

VirusTotal

65/65 vendors reported this skill as clean.
